From 92f47f8ecae754448431110110a20acf3a80120f Mon Sep 17 00:00:00 2001
From: Andreas Neustifter <andreas.neustifter@gmail.com>
Date: Thu, 28 Jun 2018 04:35:28 +0000
Subject: [PATCH 1/5] [nginx] Fix indentation.

---
 mods/sample-nginx.config | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
index 829bfc70a..0b96f50ba 100644
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@@ -72,10 +72,12 @@ server {
   charset utf-8;
   root /var/www/friendica;
   access_log /var/log/nginx/friendica.log;
-    #Uncomment the following line to include a standard configuration file
-    #Note that the most specific rule wins and your standard configuration
-    #will therefore *add* to this file, but not override it.
+
+  # Uncomment the following line to include a standard configuration file Note
+  # that the most specific rule wins and your standard configuration will
+  # therefore *add* to this file, but not override it.
   #include standard.conf
+
   # allow uploads up to 20MB in size
   client_max_body_size 20m;
   client_body_buffer_size 128k;

From cb600b5a5fead1ef30b36d493210e3e8ef5d6b90 Mon Sep 17 00:00:00 2001
From: Andreas Neustifter <andreas.neustifter@gmail.com>
Date: Thu, 28 Jun 2018 04:41:27 +0000
Subject: [PATCH 2/5] [nginx] Readd option to statically server pictures.

---
 mods/sample-nginx.config | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
index 0b96f50ba..7bf8a1f10 100644
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@@ -105,6 +105,14 @@ server {
     deny all;
   }
 
+  # statically serve these file types when possible otherwise fall back to
+  # front controller allow browser to cache them added .htm for advanced source
+  # code editor library
+  #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+  #  expires 30d;
+  #  try_files $uri /index.php?pagename=$uri&$args;
+  #}
+
   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   # or a unix socket
   location ~* \.php$ {

From f44cb1ccce16ee76c2a47dc096f31058e78d59d8 Mon Sep 17 00:00:00 2001
From: Andreas Neustifter <andreas.neustifter@gmail.com>
Date: Thu, 28 Jun 2018 04:41:59 +0000
Subject: [PATCH 3/5] [nginx] Move together deny blocks.

---
 mods/sample-nginx.config | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
index 7bf8a1f10..a3e461196 100644
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@@ -100,11 +100,6 @@ server {
 
   include mime.types;
 
-  # block these file types
-  location ~* \.(tpl|md|tgz|log|out)$ {
-    deny all;
-  }
-
   # statically serve these file types when possible otherwise fall back to
   # front controller allow browser to cache them added .htm for advanced source
   # code editor library
@@ -138,6 +133,11 @@ server {
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
 
+  # block these file types
+  location ~* \.(tpl|md|tgz|log|out)$ {
+    deny all;
+  }
+
   # deny access to all dot files
   location ~ /\. {
     deny all;

From 79a8320fedd1e444b9acf11feaa3d160f5e4a5ff Mon Sep 17 00:00:00 2001
From: Andreas Neustifter <andreas.neustifter@gmail.com>
Date: Thu, 28 Jun 2018 04:43:33 +0000
Subject: [PATCH 4/5] [nginx] Use try_files instead of if for /.well-known/.

See https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
---
 mods/sample-nginx.config | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
index a3e461196..0c5443828 100644
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@@ -93,9 +93,7 @@ server {
   # by denying dot files and rewrite request to the front controller
   location ^~ /.well-known/ {
     allow all;
-   if (!-e $request_filename) {
-     rewrite ^(.*)$ /index.php?pagename=$1;
-   }
+    try_files $uri /index.php?pagename=$uri&$args;
   }
 
   include mime.types;

From 6a85b345041644c26b4632938bd3cdffbedcc1cb Mon Sep 17 00:00:00 2001
From: Andreas Neustifter <andreas.neustifter@gmail.com>
Date: Thu, 28 Jun 2018 19:15:06 +0000
Subject: [PATCH 5/5] [nginx] Use try_file instead of if.

See https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?utm_source=tool.lu#check-if-file-exists.
---
 mods/sample-nginx.config | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/mods/sample-nginx.config b/mods/sample-nginx.config
index 0c5443828..e4ce90251 100644
--- a/mods/sample-nginx.config
+++ b/mods/sample-nginx.config
@@ -84,9 +84,7 @@ server {
 
   # rewrite to front controller as default rule
   location / {
-    if (!-e $request_filename) {
-      rewrite ^(.*)$ /index.php?pagename=$1;
-    }
+    try_file $uri /index.php?pagename=$uri&$args;
   }
 
   # make sure webfinger and other well known services aren't blocked